From 0ccb666e87fa95d5501fdba51ab238c47eaa2dfa Mon Sep 17 00:00:00 2001 From: Duncan Date: Wed, 6 Jul 2016 16:52:50 -0400 Subject: [PATCH] Addition of image showing risk behavior and starting writing on development of risk equation for assests. --- AADLSecPaper.tex | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/AADLSecPaper.tex b/AADLSecPaper.tex index 5079afb..1d0c47e 100644 --- a/AADLSecPaper.tex +++ b/AADLSecPaper.tex @@ -21,6 +21,9 @@ % Equation packages \usepackage{amsmath} +% Graph generation package +\usepackage{tikz} + \usepackage{listings} % Include the listings-package \usepackage{color} \usepackage{balance} @@ -233,7 +236,41 @@ $p_{da}$ represents the probability of a direct attack, where direct attack is d attacker directly attempts to brute force a given security mechanism or standard. $p_{ida}$ represents the probability of an indirect attack, where an indirect attacker is one where a malicious user attempts to circumvent existing security by some aspect that is not directly related to the mentioned security implementation. %XXX What is the definition of security metric in the equation? -Once risk has been defined in the scope of examination, one can develop an `Estimation Metric' that can be compared and contrasted with each other to determine the `worth' of any given design. However, before these metrics can be developed, one must first determine a framework by which these calculations will be incorporated to allow for a relevant and meaningful interpretation of verification and selection metrics. +Once risk has been defined in the scope of examination, one can develop an `Estimation Metric' that can be compared and contrasted with each other to determine the `worth' of any given design. However, before these metrics can be developed, one must first determine a framework by which these calculations will be incorporated to allow for a relevant and meaningful interpretation of verification and selection metrics. + +\section{Design Oriented Examination of Risk} + +\begin{figure} +\centering +\begin{tikzpicture} [xscale=3.5, yscale=2] +\draw [<->] (0,1.5) -- (0,0) -- (3,0); +\node [below right] at (3,0) {$p_s*A$}; +\node [left] at (0,1.5) {$p_a$}; +\draw [dashed, gray] (0,1) -- (3,1); +\draw (1,0) to [out=90,in=180] (3,1); +%\draw [green, domain=0:3] plot (\x, {1 - exp(-\x - 1)}); +\draw (1,-0.1) -- (1,0.1); +\node [below] at (1,0) {$c_a$}; +\node [left] at (0,0) {0}; +\node [left] at (0,1) {1}; +\end{tikzpicture} +\caption{Estimation of Attack Risk Behavior} +\label{fig:attackRisk} +\end{figure} + +Since the traditional view of risk does not account for an attacker's motivations, this paper moves to develop an equation that will represent not only risk due to an attacker but also account for the fact that the calculation is reliant upon multiple sources of probability. A graphical estimation of this behavior is shown in Figure~\ref{fig:attackRisk}. + +Security risk of an attack can be represented as a combination of the probability of an attack, probability of the attack succeeding, and the impact of the attack. + +\begin{equation} \label{equ:attackRisk} + R = p_a * p_s * I +\end{equation} + +The probability of success is tied to the level of security implemented in the design, represented by the security metric (SM) value. This alters Equation~\ref{equ:attackRisk} to become: + +\begin{equation} + R = p_a * (1 - SM) * I +\end{equation} \section{Introducing the Framework} \label{sec:framework}